Building a Compliant Private Investment Platform
How the EU Prospectus Regulation 150-person exemption shaped our architecture — investor classification, access control, and Letters of Intent.
A private circle, not a public marketplace
There's an EU regulation that most people in real estate investment never hear about. Article 1(4)(b) of the Prospectus Regulation (2017/1129) says that if you offer an investment opportunity to fewer than 150 people in a member state, you don't need a prospectus. No regulatory approval process. No 200-page disclosure document. No months of waiting.
This isn't a loophole. It's deliberate policy. The EU recognises that private investment circles have existed for centuries — a small group of people sharing opportunities among themselves is fundamentally different from advertising to the public. The regulation draws the line there.
We built a platform around this principle. The Aegis Brightsmark Investment Club is a private, invitation-only platform where pre-qualified members evaluate real estate development opportunities within this legal framework. Not a crowdfunding site. Not a public marketplace. A closed circle with proper tooling.
This article explains how we designed the technical architecture to stay within the regulation, and why the constraints actually made for a better product.
The 150-person threshold and qualified investors
The 150-person limit sounds simple. It isn't.
The regulation distinguishes between qualified investors (sometimes called professional investors) and retail investors. Qualified investors (those meeting specific MiFID II criteria around portfolio size, professional experience, or transaction frequency) are exempt from the count entirely. A project could be visible to 500 qualified investors and 149 retail investors, and still fall within the exemption.
Under MiFID II, a retail investor qualifies as professional on request by meeting at least two of three conditions:
- An investment portfolio exceeding €500,000
- At least one year of professional experience in the financial sector
- A track record of at least 10 significant transactions per quarter over the past year
This creates a real engineering challenge: the platform must classify every member, count retail viewers per project in real time, and block the 151st retail viewer automatically, while letting qualified investors through unrestricted. Getting this wrong breaks the legal exemption.
We built a self-certification flow where members declare their qualification basis. The system requires at least two criteria, timestamps the certification, and maintains a full audit trail. Qualification can be revoked, and every status change is recorded. If a regulator asks why a particular member had unrestricted access, the platform can show exactly when they certified, on what basis, and whether that certification was valid at the time of access.
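The point-in-time question in the paragraph above (was this member's certification valid when they were given access?) can be answered from an append-only status history. The following is an added example, not the platform's own code; the class, method and criterion names are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Hypothetical keys for the three conditions the article lists.
CRITERIA = frozenset({"portfolio", "experience", "transactions"})

@dataclass(frozen=True)
class StatusEvent:
    at: datetime
    qualified: bool
    basis: frozenset      # criteria declared; empty for a revocation
    actor: str            # who made the change

@dataclass
class Classification:
    member_id: str
    history: list = field(default_factory=list)   # append-only, never edited

    def certify(self, criteria, at, actor):
        basis = frozenset(criteria)
        if basis - CRITERIA:
            raise ValueError(f"unknown criteria: {sorted(basis - CRITERIA)}")
        if len(basis) < 2:
            raise ValueError("self-certification needs at least two criteria")
        self._append(StatusEvent(at, True, basis, actor))

    def revoke(self, at, actor):
        self._append(StatusEvent(at, False, frozenset(), actor))

    def _append(self, event):
        if self.history and event.at < self.history[-1].at:
            raise ValueError("status events must be recorded in time order")
        self.history.append(event)

    def event_in_force(self, when):
        """Latest event at or before `when`; None means never certified."""
        in_force = None
        for event in self.history:
            if event.at > when:
                break
            in_force = event
        return in_force

    def qualified_at(self, when):
        event = self.event_in_force(when)
        return bool(event and event.qualified)   # no record means retail
```

Because revocation appends an event instead of overwriting the status, an access granted before the revocation still resolves to the certification that was in force at that moment.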
Invitation-only by design
There is no public sign-up page for the Investment Club. Every member joins through a personal invitation from an existing member.
This serves the compliance model directly. If you're broadcasting investment opportunities on the internet and hoping fewer than 150 people notice, you don't have a private circle. You have a public offering without a prospectus. The invitation chain establishes that opportunities are shared within a defined community, not advertised to the world.
From a practical standpoint, it also creates a trust layer. Members vouch for the people they invite. Every member traces back through a clear chain to the founding circle. That social fabric matters more than any algorithmic reputation system when real capital is at stake.
How access control works
Access control on this platform isn't a feature — it's the core product. Who can see what, when they saw it, and whether showing it to them was legally permissible is the entire value proposition.
Each project has a visibility mode:
- Club visibility — the standard mode. Members request access, and the system checks whether the retail limit has been reached for that project. If slots are full, retail investors join a waitlist and get notified when a spot opens with a time-limited claim window.
- Private visibility — access via a unique token link shared directly by the project sponsor. This supports the "reverse solicitation" model, where the investor approaches the opportunity rather than the other way around. Retail access still counts toward the 150 threshold.
Every access grant records the timestamp, method, IP address, and the member's investor classification at the time. This isn't optional logging. It's the audit trail that makes the entire exemption defensible.
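The retail cap only holds if the count check and the grant happen as one atomic step, and the audit record has to capture the classification as it stood at request time. The following is an added example, not the platform's own code; the class and field names are hypothetical and the retail limit is passed in as a per-project setting.

```python
import threading
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class AccessRecord:
    project_id: str
    member_id: str
    classification: str   # "retail" or "qualified", as it stood at request time
    method: str           # "club" request or "private" token link
    ip: str
    at: datetime
    outcome: str          # "granted" or "waitlisted"

class ProjectAccessGate:
    def __init__(self, project_id, retail_limit):
        self.project_id = project_id
        self.retail_limit = retail_limit   # configured per project
        self.retail_granted = set()        # retail members holding a slot
        self.waitlist = []                 # retail members in arrival order
        self.audit = []                    # append-only access records
        self._lock = threading.Lock()

    def request(self, member_id, classification, method, ip, at):
        # The count check and the grant form one critical section; otherwise two
        # concurrent retail requests could both see a free slot and overshoot.
        # With a database, a transaction holding a row lock on the project does this.
        with self._lock:
            if classification == "qualified":
                outcome = "granted"        # exempt from the retail count
            elif member_id in self.retail_granted:
                outcome = "granted"        # repeat visit, slot already held
            elif len(self.retail_granted) < self.retail_limit:
                self.retail_granted.add(member_id)
                outcome = "granted"
            else:                          # anything not "qualified" is counted
                if member_id not in self.waitlist:
                    self.waitlist.append(member_id)
                outcome = "waitlisted"
            self.audit.append(AccessRecord(self.project_id, member_id,
                                           classification, method, ip, at, outcome))
            return outcome

    def retail_count(self):
        with self._lock:
            return len(self.retail_granted)
```

Both visibility modes go through the same `request` path, so a retail member arriving by private token link consumes a slot exactly as a club request does.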
What members actually see
Once inside the platform, members browse real estate development projects, each with its own detail page containing the location, projected returns, minimum investment, project timeline, and supporting documents. Think property reports, financial projections, site photographs, and legal summaries. All documents are scoped to the project and only visible to members who have been granted access.
The platform tracks investment progress in real time. Members can see how much interest a project has attracted (expressed through Letters of Intent) without seeing who else is invested. This transparency helps members gauge momentum without compromising anyone's privacy.
What the platform doesn't include matters just as much: no discussion forum, no chat, no social features. Members evaluate opportunities independently and make their own decisions. The platform informs. It doesn't influence.
Letters of Intent — not transactions
The platform does not handle money. Deliberately, not as a limitation.
When a member is interested in an opportunity, they submit a non-binding Letter of Intent (LOI), stating their interest and the amount they're considering, with no legal obligation created. The actual investment happens through separate agreements between the investor and the developer, outside the platform.
This is exactly how private real estate investment works anyway. Serious investors don't commit capital through a web form. They review documents, consult advisors, negotiate terms, and then make decisions. Our platform handles the discovery and evaluation phase, connecting qualified people with curated opportunities. The financial transaction is between the parties involved.
Each LOI has a reference number, email confirmation, and a 48-hour expiration window. Developers can countersign confirmed LOIs. Every step is timestamped. The platform provides structure and a paper trail without inserting itself into the financial relationship.
Compliance-first engineering
Several technical decisions were driven directly by the regulatory environment:
- Mandatory two-factor authentication. The platform hosts confidential investment documents and personal investor data. Optional 2FA isn't sufficient; it's required for every member.
- Comprehensive activity logging. Access grants, document views, classification changes, LOI submissions, and all administrative actions generate timestamped audit records.
- Bilingual from day one. The platform serves Lithuanian and English-speaking investors. Every legal disclaimer, notification, and confirmation flow exists in both languages, reviewed for accuracy, not just machine-translated.
- Immutable records. In a regulated environment, data doesn't disappear. Deleted records are preserved for the audit trail.
We built the platform on Laravel with Vue and Inertia.js, a stack we ship fast with. Compliance platforms need to iterate quickly. Regulations get clarified, interpretations shift, and the software must adapt in days. The platform currently runs over 900 automated tests to ensure that compliance-critical behaviour doesn't regress with updates.
What we learned
Our initial designs included AI-powered deal scoring, automated comparable analysis, and a real-time chat system. We cut all of it. Regulatory constraints that seemed limiting actually focused the product. Members needed projects, access control, documents, and LOIs. That's what we built. Simpler to use than the feature-heavy version would have been, and fully compliant.
Every feature request now gets filtered through one question: does this push us into regulated territory? No payment processing, no fund pooling, no return projections, no investment advice. Defining what we can't do before deciding what we can kept the scope clear and the legal exposure minimal.
We also didn't need the social features we originally planned. In a public marketplace, trust comes from ratings and reviews. In a private circle, trust comes from relationships: the invitation chain, member profiles, attribution of analysis. Transparency about who said what and who brought whom turned out to matter more than any reputation algorithm.
The club is open to new members
The Aegis Brightsmark Investment Club is live and serving its members. Founded by Marijus Plančiūnas — former CEO of Paysera, the largest fintech company in the Baltics — the club combines two decades of financial technology experience with a compliance-first approach to private real estate investment.
Membership is by invitation. If you're an investor interested in real estate development opportunities within a regulated, transparent framework, reach out to us to learn about joining the circle.
If you're a technical team exploring how to build your own compliant investment platform, we've been through the full cycle from regulatory research to production. We're happy to discuss architecture, compliance, or the specific engineering challenges of operating under Article 1(4)(b). Get in touch.
You can also explore our other engineering work: how we applied Domain-Driven Design in Laravel, how event sourcing powers our open-source banking platform, or how we use Shamir's Secret Sharing to protect private keys in our crypto wallet.